Hacker News new | past | comments | ask | show | jobs | submit | whyagaindavid's comments login

This depends on the CDN. Lets say you are using google or cloudflare CDN. They have more engineers and better security processes – and work 24X7 -365 days – continuous monitoring – than you remembering to download jquery update. What about if you are on holiday (post/pre COVID era)? BA is not the best example… Rename your article to: Please stop using ‘unknown CDNs’…


This is not strictly 'Bypassing' MDM.

Sure you get a device that you can flash/root/reinstall - but will it be authenticated/allow login by Google/Your company?

> Here our objective was not to break the crypto or recover the data, it was to remove any MDM application and remove all restrictions on the device.

Yes you can remove - resell device. But MDM is not designed to prevent reinstall/selling/whatever.

Beyond Corp principles:

A particular network connection must not determine which services a user can access. Access to services is granted based on what we know about a user and the device. All access to services must be authenticated, authorized and encrypted.

Are you able to authorise device with your company/google? We are listening...


Here the scope of the PT was something different than getting access to the filesystem or bypassing corp filters. Breaking the mdm implemented in the firmware was the crude target.


if anyone from mozilla is reading hn, the link on the pop-up box 'Get the Lockbox app' go to 'apple appstore' even if I click on the Google Play icon.


Thanks for the heads up! We'll get that fixed.


  > in the UK, you can open an account in minutes on your mobile phone with any photo ID, even if you're not a UK resident.
But u need a house contract/utility bill. I was in this situation recently. Arrived from non EU. Cannot sign a rental agreement as i did not have bank account and could not get bank account as i had no rental agreements!


May be switch off your devices. Restart router to get a new ip. - get a new phone and try. Perhaps one device is having malware.


I manage IT for a number of small businesses, so I routinely reformat my devices and also monitor traffic on my network regularly so I am fairly certain there is no malware. (Well, to the extent that one can be confident, at all, nowadays.)

That said, the idea that Google can hold my time hostage in this way is concerning. The suggestions you presented are not feasible for most users. Who has money to just go buy a new phone because Google's reCAPTCHAs are taking up their day? Why should that be acceptable?


Well overall Cook is right but... apple needs to provide alternatives to the common people!

1. There is no equivalent for Facebook and apple cannot build a one with privacy 2. There is none from Google-Search and apple has not built one 3. About WhatsApp? (iMessages - yes only within walled garden!) 4. Google groups-? 5. Browser? Safari? 6. Calendar -> Even creating a icloud account needs iDevice 7. Cant create more than 2 Apple account from same iphone!


Can u recommend me one? Very much interested in itx with 12V power. Thanks


https://outline.com/nWt5uF


If you are on linux please see: https://utcc.utoronto.ca/~cks/space/blog/web/ChromeWalkingAw...


Not that I am supporting Chromium (never used Chrome) or google but you could create a

  /etc/chromium-browser/policies/managed/test_policy.json
with contents

  {
       "DownloadDirectory": "/tmp",
       "DefaultNotificationsSetting": 2,
       "DefaultGeolocationSetting": 2,
       "AutoplayAllowed": false,
       "SigninAllowed": false,
       "RestrictSigninToPattern": "^$",
       "SyncDisabled": true,
       "CloudPrintProxyEnabled": false,
       "CloudPrintSubmitEnabled": false,
       "SpellCheckServiceEnabled": false,
       "TranslateEnabled": false,
       "SearchSuggestEnabled": false,
       "NetworkPredictionOptions": 2,
       "BrowserNetworkTimeQueriesEnabled": false,
       "MetricsReportingEnabled": false,
       "SafeBrowsingEnabled": false,
       "SafeBrowsingExtendedReportingOptInAllowed": false,
       "DefaultBrowserSettingEnabled": false,
       "SavingBrowserHistoryDisabled": true,
       "DefaultSearchProviderEnabled": true,
       "DefaultSearchProviderName": "DuckDuckGo",
       "DefaultSearchProviderSearchURL": "https://duckduckgo.com/?q={searchTerms}&kp=-1&kd=1&kl=uk-en",
       "DefaultSearchProviderIconURL": "https://duckduckgo.com/favicon.ico",
       "URLBlacklist": ["facebook.com", "https://www.facebook.com"],
       "CookiesAllowedForUrls": ["[*.]whatever.com", "[*.]whatevercdn.com", "[*.]whatever.io"],
       "CookiesBlockedForUrls": [
               "[*.]doubleclick.net",
               "[*.]wideopenpets.com"
       ],
       "BackgroundModeEnabled": false,
       "WPADQuickCheckEnabled": false,
       "VideoCaptureAllowed": false,
       "AudioCaptureAllowed": false,
       "EnableMediaRouter": false,
       "NativeMessagingUserLevelHosts": false,
       "DefaultWebBluetoothGuardSetting": 2,
       "ExtensionInstallForcelist": ["geddoclleiomckbhadiaipdggiiccfje;https://clients2.google.com/service/update2/crx","cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crx","kljjfejkagofbgklifblndjelgabcmig;https://clients2.google.com/service/update2/crx"]
   }
For more flags: use chrome://policy https://www.chromium.org/administrators/linux-quick-start

P.S: I do understand your concern. But I see that increasingly google is building for its billions outside of EU/US where people share devices and look at security in a totally different way.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: